CVE-2025-4571 - GiveWP - Donation Plugin and Fundraising Platform Unauthenticated Data Disclosure and Modification Vulnerability
CVE ID : CVE-2025-4571
Published : June 19, 2025, 7:15 a.m. | 32 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 07:15:00 GMT
read more
CVE-2025-4965 - WordPress WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4965
Published : June 19, 2025, 7:15 a.m. | 32 minutes ago
Description : The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 07:15:00 GMT
read more
CVE-2025-5490 - WordPress Football Pool Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-5490
Published : June 19, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 06:15:00 GMT
read more
CVE-2025-5524 - OceanWP WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-5524
Published : June 19, 2025, 5:15 a.m. | 2 hours, 32 minutes ago
Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 05:15:00 GMT
read more
CVE-2025-4367 - WordPress Download Manager Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4367
Published : June 19, 2025, 4:15 a.m. | 3 hours, 32 minutes ago
Description : The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-4479 - ElementsKit Elementor Addons and Templates WordPress Stored Cross-Site Scripting
CVE ID : CVE-2025-4479
Published : June 19, 2025, 4:15 a.m. | 3 hours, 32 minutes ago
Description : The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-50201 - WeGIA Web Manager OS Command Injection Vulnerability
CVE ID : CVE-2025-50201
Published : June 19, 2025, 4:15 a.m. | 3 hours, 32 minutes ago
Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-52474 - WeGIA Web Manager SQL Injection Vulnerability
CVE ID : CVE-2025-52474
Published : June 19, 2025, 4:15 a.m. | 3 hours, 32 minutes ago
Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. This issue has been patched in version 3.4.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-4661 - Brocade Fabric OS Path Transversal Privilege Escalation Vulnerability
CVE ID : CVE-2025-4661
Published : June 19, 2025, 3:15 a.m. | 4 hours, 32 minutes ago
Description : A path transversal vulnerability in
Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to
gain access to files outside the intended directory potentially leading
to the disclosure of sensitive information.
Note: Admin level privilege is required on the switch in order to exploit
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 03:15:00 GMT
read more
CVE-2025-50183 - OpenList Frontend Stored XSS Vulnerability
CVE ID : CVE-2025-50183
Published : June 19, 2025, 3:15 a.m. | 4 hours, 32 minutes ago
Description : OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in